RHEL 2.1 : fam (RHSA-2005:005)

low Nessus Plugin ID 16108

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

Updated fam packages that fix an information disclosure bug are now available.

FAM, the File Alteration Monitor, provides a daemon and an API which applications can use for notification of changes in specific files or directories.

A bug has been found in the way FAM handles group permissions. It is possible that a local unprivileged user can use a flaw in FAM's group handling to discover the names of files which are only viewable to users in the 'root' group. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2002-0875 to this issue. This issue only affects the version of FAM shipped with Red Hat Enterprise Linux 2.1.

Users of FAM should update to these updated packages which contain backported patches and are not vulnerable to this issue.

Solution

Update the affected fam and / or fam-devel packages.

See Also

https://access.redhat.com/security/cve/cve-2002-0875

https://access.redhat.com/errata/RHSA-2005:005

Plugin Details

Severity: Low

ID: 16108

File Name: redhat-RHSA-2005-005.nasl

Version: 1.24

Type: local

Agent: unix

Published: 1/6/2005

Updated: 1/14/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Low

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:fam, p-cpe:/a:redhat:enterprise_linux:fam-devel, cpe:/o:redhat:enterprise_linux:2.1

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 1/5/2005

Vulnerability Publication Date: 9/5/2002

Reference Information

CVE: CVE-2002-0875

RHSA: 2005:005